Action Modifiers

Additional actions can also be specified, independent of whether the packet is dropped or forwarded. These additional actions are called action modifiers. Not all action modifiers are available on all switches, and not all are available for both ingress and egress ACLs. The action modifiers are:
  • class-id value 0-4095—Signifies that the rule will be installed in the LOOKUP stage access-list resource. Class-id range varies from platform to platform.
  • count countername—Increments the counter named in the action modifier.
    • ingress—all platforms
    • egress—BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, and xm-series modules, E4G-200 and E4G-400 cell site routers, and Summit X450-G2, X460, X460-G2, X480, X670, X670-G2 and X770 series switches only. On egress, count does not work in combination with deny action.
    Note

    Note

    On egress, count does not work in combination with deny action in some platforms
  • add-vlan-id—Adds a new outer VLAN id. If the packet is untagged it will add a vlan tag to the packet. If the packet is tagged, it will add additional VLAN tag. Only supported in VLAN Lookup stage (VFP).
  • byte-count byte counter name—Increments the byte counter named in the action modifier (BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules, and Summit family switches only).
  • packet-count packet counter name—Increments the packet counter named in the action modifier (BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl- and xm-series modules, and Summit family switches only).
  • log—Logs the packet header.
  • log-raw—Logs the packet header in hex format.
  • meter metername—Takes action depending on the traffic rate. (Ingress and egress meters are supported on the platforms listed for these features in the Feature License Requirements document.
  • mirror—Rules that contain mirror as an action modifier will use a separate slice.
  • mirror-cpu—Mirrors a copy of the packet to the CPU in order to log it. For Summit X460 and E4G400, it is supported in ingress/egress. In all other platforms, it is supported only in ingress.
  • qosprofile qosprofilename—Forwards the packet to the specified QoS profile.
    • ingress—all platforms
    • egress—does not forward the packets to the specified qosprofile. If the action modifier “replace-dot1p” is present in the ACL rule, the dot1p field in the packet is replaced with the value from associated qosprofile. (BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, and xm-series modules,E4G-200 and E4G-400 cell site routers, and Summit X460, X460-G2, X480, X670, X670-G2, and X770 series switches only).
  • redirect ipv4 addr—Forwards the packet to the specified IPv4 address (BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules, and Summit family switches only).
  • redirect-port port—Overrides the forwarding decision and changes the egress port used. If the specified port is part of a load share group then this action will apply the load sharing algorithm. (BlackDiamond X8 series switches, BlackDiamond 8000a-, c-, e-, xl-, and xm-series modules, E4G-200 and E4G-400 cell site routers, and Summit family switches only.)
  • redirect-port-list port_list—Supports multiple redirect ports as arguments. When used in an ACL, matching packets are now redirected to multiple ports as specified in the ACL while overriding the default forwarding decision. Maximum number of ports that can be mentioned in this list is 64. (Summit X440, X460, X480, X670, X770, E4G-200, E4G-400, BlackDiamond 8K - 8900-G96T-c, 8900-10G24X-c, 8900-G48T-xl, 8900-G48X-xl, 8900-10G8X-xl, 8900-40G6X-xm, BlackDiamond X8.)
  • redirect-port-no-sharing port—Overrides the forwarding decision and changes the egress port used. If the specified port is part of a load share group then this action overrides the load sharing algorithm and directs matching packets to only this port. (BlackDiamond X8 and 8000 series switches, E4G-200 and E4G-400 cell site routers, and Summit family switches.)
  • redirect-name name—Specifies the name of the flow-redirect that must be used to redirect matching traffic. (BlackDiamond X8 and 8000 series switches, E4G-200 and E4G-400 cell site routers, and Summit family switches except X430.)
  • replace-dscp—Replaces the packet‘s DSCP field with the value from the associated QoS profile.
    • ingress—BlackDiamond X8, 8000 c-, e-, xl-, and xm-series modules, and Summit family switches only.
    • egress—BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, and xm-series modules, E4G-200 and E4G-400 cell site routers, and Summit X450-G2, X460, X460-G2, X480, X670, X670-G2, and X770 series switches only.
  • replace-dot1p—Replaces the packet‘s 802.1p field with the value from the associated QoS profile.
    • ingress—BlackDiamond X8, 8000 c-, e-, xl-, and xm-series modules, and Summit family switches only.
    • egress—BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, and xm-series modules, E4G-200 and E4G-400 cell site routers, and Summit X450-G2, X460, X460-G2, X480, X670, X670-G2, and X770 series switches only.
  • replace-dot1p-value value—Replaces the packet's 802.1p field with the value specified without affecting the QoS profile assignment.
    • ingress—BlackDiamond X8, 8000 c-, e-, xl-, and xm-series modules and the Summit family switches only.
    • egress—BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, and xm-series modules, E4G-200 and E4G-400 cell site routers, and Summit X450-G2, X460, X460-G2, X480, X670, X670-G2, and X770 series switches only.
  • replace-ethernet-destination-address mac-address—Replaces the packet's destination MAC address; this is applicable only to layer-2 forwarded traffic. (BlackDiamond X8, 8000 c-, e-, xl-, and xm-series modules and the Summit family switches only.)